Computer Engineering and Applications ›› 2019, Vol. 55 ›› Issue (22): 60-68. DOI: 10.3778/j.issn.1002-8331.1904-0188

• Network, Communication and Security •

HA2: Hierarchical Anomaly Analysis Technology for IoT Sensing Device Firmware

MA Junyan, ZHANG Ying, LI Yi, WANG Jin, ZHANG Te

  1. School of Information and Engineering, Chang’an University, Xi’an 710064, China
  • Online: 2019-11-15 Published: 2019-11-13

Abstract: The bottom layer of the Internet of Things (IoT) usually contains a large number of sensing terminals, which are the foundation of IoT applications and services. However, because of limits on resources such as computing, storage and transmission bandwidth, very little state can be obtained from the firmware of a sensing device while it runs. As a result, when these devices behave abnormally, the personnel responsible often lack sufficient means to analyze them. To address this problem, a Hierarchical Anomaly Analysis (HA2) technology for IoT sensing device firmware is proposed. The method is based on the static structure of the IoT sensor node program and the features of its dynamic execution trace. With the help of a One-Class Support Vector Machine (OCSVM) and statistical inference methods, it performs anomaly detection at three levels (interval, task and function) and generates the corresponding anomaly analysis report. Experiments show that, compared with existing methods, the proposed method incurs less storage and runtime overhead when collecting the features used for anomaly analysis. Analysis of defect instances from open-source code repositories shows that, compared with existing methods, the hierarchical anomaly analysis report of HA2 can greatly reduce the scope of anomaly analysis and provide effective help for users in analyzing and fixing anomalies.

Key words: IoT device firmware, One-Class Support Vector Machine (OCSVM), hypothesis testing, hierarchical, anomaly analysis